Over last weekend and today, I finished up the first steps to making this website, 64SAINT.com, fully secure. As of this moment, the SSL certificate is installed so you should see https:// as the protocol for visiting the site (and trying to use http:// will just redirect you to the secure version), and those browsers that mark such things should have a closed padlock icon next to the address bar.

Locks on Amsterdam bridge

The only security item still to complete on the site is to activate the “Content Security Policy” header, but that’s going to involve some fixing to every blog post, so it’ll be a little while. It is the hardest item to get right, which is why so many secure sites don’t bother.

In doing these changes, I had to “retire” the old “blog.64SAINT.com” subdomain. I debated whether to purchase an SSL certificate just for that, but given that my audience here is small, I decided that virtually no one would have stored a link using it to a page here and so didn’t bother. I have updated all the other places where I used the “blog” subdomain in a link to remove that reference.

Finally, in doing all this, I moved 64SAINT.com’s hosting over to Azure rather than GoDaddy. The main reason was GoDaddy’s cost for a certificate, plus I’d have had to upgrade to a more expensive hosting plan in order to use it. Why bother when I already have an Azure account because of what I do at work (and many of my other domains are already hosted there). This particular change should be invisible to everyone.